Re: Wicket Authorization
use
MetaDataRoleAuthorizationStrategy
2010-04-09
wicketyan
发件人: Janani Sundarrajan
发送时间: 2010-04-09 05:38:24
收件人: users@wicket.apache.org
抄送:
主题: Wicket Authorization
Is it possible use a metadata driven component based authorization?
Wicket in Action gives an example
@AdminOnly
private class ModeLink extends Link {.}
Then implement isActionAuthorized() of the Authorization Strategy.
But I feel that it is not a good solution to create new classes for every
role.
Is there a metadata driven way to do this? Can I add some metadata to a
component and then check based on that in the isActionAuthorized() method
of the Authorization Strategy? I am a Wicket newbie, so forgive me if I am
missing something very basic.
Thanks,
~Janani
Wicket Authorization
Is it possible use a metadata driven component based authorization?
Wicket in Action gives an example
@AdminOnly
private class ModeLink extends Link {.}
Then implement isActionAuthorized() of the Authorization Strategy.
But I feel that it is not a good solution to create new classes for every
role.
Is there a metadata driven way to do this? Can I add some metadata to a
component and then check based on that in the isActionAuthorized() method
of the Authorization Strategy? I am a Wicket newbie, so forgive me if I am
missing something very basic.
Thanks,
~Janani
RE: Wicket Authorization (Using MetaDataKey)
I will do that. Thank you.
-Original Message-
From: Igor Vaynberg [mailto:igor.vaynb...@gmail.com]
Sent: Wednesday, April 07, 2010 4:55 PM
To: users@wicket.apache.org
Subject: Re: Wicket Authorization (Using MetaDataKey)
well, there are plenty of uses of this in our code, have a look there
-igor
On Wed, Apr 7, 2010 at 2:51 PM, Janani Sundarrajan
wrote:
> Doesn't seem to work either!
>
> -Original Message-
> From: Igor Vaynberg [mailto:igor.vaynb...@gmail.com]
> Sent: Wednesday, April 07, 2010 4:48 PM
> To: users@wicket.apache.org
> Subject: Re: Wicket Authorization (Using MetaDataKey)
>
> public static MetaDataKey priv = new
> MetaDataKey(){};
>
> -igor
>
> On Wed, Apr 7, 2010 at 2:23 PM, Janani Sundarrajan
> wrote:
>> Hello,
>>
>> I am trying to implement a simple authorization strategy for my Wicket
>> application. I am implemented my own AuthorizationStrategy (extending
>> IAuthorizationStrategy).
>>
>> http://old.nabble.com/Authorization-strategy-help-td18948597.html After
>> reading the above link, I figured it makes more sense to use
>> metadata-driven authorization than one using Annotations.
>>
>> So I have a simple RoleCheck class
>>
>> public class RoleCheck {
>>
>> private String privilege;
>>
>> public RoleCheck(String priv) { this.privilege = priv; }
>>
>> public void setPrivilege(String privilege) { this.privilege =
privilege;
> }
>>
>> public String getPrivilege() { return privilege; }
>>
>> }
>>
>> I add it a component public static MetaDataKey priv = new MetaDataKey()
>> {}; editLink.setMetaData(priv, new RoleCheck("Update"));
>>
>> And in my Authorization Strategy class, I try to get the metadata
>> associated with the component
>>
>> public boolean isActionAuthorized(Component component, Action action) {
> if
>> (action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck)
>> component.getMetaData(EditControlToolBar.priv); if (privCheck != null)
{
>> ... } }
>>
>> However the getMetaData gives an error "Bound mismatch: The generic
> method
>> getMetaData(MetaDataKey) of type Component is not applicable for the
>> arguments (MetaDataKey). The inferred type RoleCheck is not a valid
>> substitute for the bounded parameter "
>>
>> Any help would be appreciated. Thank you
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket Authorization (Using MetaDataKey)
well, there are plenty of uses of this in our code, have a look there
-igor
On Wed, Apr 7, 2010 at 2:51 PM, Janani Sundarrajan
wrote:
> Doesn't seem to work either!
>
> -Original Message-
> From: Igor Vaynberg [mailto:igor.vaynb...@gmail.com]
> Sent: Wednesday, April 07, 2010 4:48 PM
> To: users@wicket.apache.org
> Subject: Re: Wicket Authorization (Using MetaDataKey)
>
> public static MetaDataKey priv = new
> MetaDataKey(){};
>
> -igor
>
> On Wed, Apr 7, 2010 at 2:23 PM, Janani Sundarrajan
> wrote:
>> Hello,
>>
>> I am trying to implement a simple authorization strategy for my Wicket
>> application. I am implemented my own AuthorizationStrategy (extending
>> IAuthorizationStrategy).
>>
>> http://old.nabble.com/Authorization-strategy-help-td18948597.html After
>> reading the above link, I figured it makes more sense to use
>> metadata-driven authorization than one using Annotations.
>>
>> So I have a simple RoleCheck class
>>
>> public class RoleCheck {
>>
>> private String privilege;
>>
>> public RoleCheck(String priv) { this.privilege = priv; }
>>
>> public void setPrivilege(String privilege) { this.privilege = privilege;
> }
>>
>> public String getPrivilege() { return privilege; }
>>
>> }
>>
>> I add it a component public static MetaDataKey priv = new MetaDataKey()
>> {}; editLink.setMetaData(priv, new RoleCheck("Update"));
>>
>> And in my Authorization Strategy class, I try to get the metadata
>> associated with the component
>>
>> public boolean isActionAuthorized(Component component, Action action) {
> if
>> (action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck)
>> component.getMetaData(EditControlToolBar.priv); if (privCheck != null) {
>> ... } }
>>
>> However the getMetaData gives an error "Bound mismatch: The generic
> method
>> getMetaData(MetaDataKey) of type Component is not applicable for the
>> arguments (MetaDataKey). The inferred type RoleCheck is not a valid
>> substitute for the bounded parameter "
>>
>> Any help would be appreciated. Thank you
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
RE: Wicket Authorization (Using MetaDataKey)
Doesn't seem to work either!
-Original Message-
From: Igor Vaynberg [mailto:igor.vaynb...@gmail.com]
Sent: Wednesday, April 07, 2010 4:48 PM
To: users@wicket.apache.org
Subject: Re: Wicket Authorization (Using MetaDataKey)
public static MetaDataKey priv = new
MetaDataKey(){};
-igor
On Wed, Apr 7, 2010 at 2:23 PM, Janani Sundarrajan
wrote:
> Hello,
>
> I am trying to implement a simple authorization strategy for my Wicket
> application. I am implemented my own AuthorizationStrategy (extending
> IAuthorizationStrategy).
>
> http://old.nabble.com/Authorization-strategy-help-td18948597.html After
> reading the above link, I figured it makes more sense to use
> metadata-driven authorization than one using Annotations.
>
> So I have a simple RoleCheck class
>
> public class RoleCheck {
>
> private String privilege;
>
> public RoleCheck(String priv) { this.privilege = priv; }
>
> public void setPrivilege(String privilege) { this.privilege = privilege;
}
>
> public String getPrivilege() { return privilege; }
>
> }
>
> I add it a component public static MetaDataKey priv = new MetaDataKey()
> {}; editLink.setMetaData(priv, new RoleCheck("Update"));
>
> And in my Authorization Strategy class, I try to get the metadata
> associated with the component
>
> public boolean isActionAuthorized(Component component, Action action) {
if
> (action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck)
> component.getMetaData(EditControlToolBar.priv); if (privCheck != null) {
> ... } }
>
> However the getMetaData gives an error "Bound mismatch: The generic
method
> getMetaData(MetaDataKey) of type Component is not applicable for the
> arguments (MetaDataKey). The inferred type RoleCheck is not a valid
> substitute for the bounded parameter "
>
> Any help would be appreciated. Thank you
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket Authorization (Using MetaDataKey)
public static MetaDataKey priv = new MetaDataKey(){};
-igor
On Wed, Apr 7, 2010 at 2:23 PM, Janani Sundarrajan
wrote:
> Hello,
>
> I am trying to implement a simple authorization strategy for my Wicket
> application. I am implemented my own AuthorizationStrategy (extending
> IAuthorizationStrategy).
>
> http://old.nabble.com/Authorization-strategy-help-td18948597.html After
> reading the above link, I figured it makes more sense to use
> metadata-driven authorization than one using Annotations.
>
> So I have a simple RoleCheck class
>
> public class RoleCheck {
>
> private String privilege;
>
> public RoleCheck(String priv) { this.privilege = priv; }
>
> public void setPrivilege(String privilege) { this.privilege = privilege; }
>
> public String getPrivilege() { return privilege; }
>
> }
>
> I add it a component public static MetaDataKey priv = new MetaDataKey()
> {}; editLink.setMetaData(priv, new RoleCheck("Update"));
>
> And in my Authorization Strategy class, I try to get the metadata
> associated with the component
>
> public boolean isActionAuthorized(Component component, Action action) { if
> (action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck)
> component.getMetaData(EditControlToolBar.priv); if (privCheck != null) {
> ... } }
>
> However the getMetaData gives an error "Bound mismatch: The generic method
> getMetaData(MetaDataKey) of type Component is not applicable for the
> arguments (MetaDataKey). The inferred type RoleCheck is not a valid
> substitute for the bounded parameter "
>
> Any help would be appreciated. Thank you
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Wicket Authorization (Using MetaDataKey)
Hello,
I am trying to implement a simple authorization strategy for my Wicket
application. I am implemented my own AuthorizationStrategy (extending
IAuthorizationStrategy).
http://old.nabble.com/Authorization-strategy-help-td18948597.html After
reading the above link, I figured it makes more sense to use
metadata-driven authorization than one using Annotations.
So I have a simple RoleCheck class
public class RoleCheck {
private String privilege;
public RoleCheck(String priv) { this.privilege = priv; }
public void setPrivilege(String privilege) { this.privilege = privilege; }
public String getPrivilege() { return privilege; }
}
I add it a component public static MetaDataKey priv = new MetaDataKey()
{}; editLink.setMetaData(priv, new RoleCheck("Update"));
And in my Authorization Strategy class, I try to get the metadata
associated with the component
public boolean isActionAuthorized(Component component, Action action) { if
(action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck)
component.getMetaData(EditControlToolBar.priv); if (privCheck != null) {
... } }
However the getMetaData gives an error "Bound mismatch: The generic method
getMetaData(MetaDataKey) of type Component is not applicable for the
arguments (MetaDataKey). The inferred type RoleCheck is not a valid
substitute for the bounded parameter "
Any help would be appreciated. Thank you
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: !! Wicket Authorization Problem !!
I already discovery what was wrong. Thanks anyway.
on the Application Base class the AuthorizationStrategy and
UnauthorizedComponentInstantiationListener must be registred like this:
@Override
protected void init() {
NetCasasAuthorizationStrategy authorizationStrategy = new
NetCasasAuthorizationStrategy();
getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);
getSecuritySettings().setUnauthorizedComponentInstantiationListener(authorizationStrategy);
}
Once again, thanks
--
View this message in context:
http://www.nabble.com/%21%21-Wicket-Authorization-Problem-%21%21-tp22318987p22320534.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
!! Wicket Authorization Problem !!
Hello there. I'm having problems developing Authorization on my
webapplication. I have followed the steps of the chapter 12 of Wicket in
Action. When i try to access to a protected page, the page is renderend
instead of redirected to the Login page. Here is my code. I was wondering if
anyone knows what am i missing.
-->Application Base class
public class NetCasasApplication extends WebApplication{
public NetCasasApplication() {
addComponentInstantiationListener(new
IComponentInstantiationListener() {
public void onInstantiation(Component component) {
if(!getSecuritySettings().getAuthorizationStrategy().isInstantiationAuthorized(component.getClass()))
{
getSecuritySettings().getUnauthorizedComponentInstantiationListener().onUnauthorizedInstantiation(component);
}
}
});
}
@Override
public Class getHomePage() {
return Index.class;
}
@Override
public Session newSession(Request request, Response response) {
return new NetCasasSession(request);
}
}
--> The Protected page (NetCasas extends WebPage) each page that is suppose
to protected extends this class
package pt.msoftware.netcasas.wicket.security;
import pt.msoftware.netcasas.wicket.NetCasasBasePage;
public class ProtectedPage extends NetCasasBasePage {
}
-->The AuthorizationStrategy
public class NetCasasAuthorizationStrategy implements
IAuthorizationStrategy, IUnauthorizedComponentInstantiationListener {
public boolean isInstantiationAuthorized(Class componentClass) {
if(ProtectedPage.class.isAssignableFrom(componentClass)) {
return NetCasasSession.get().isAuthenticated();
}
return true;
}
public boolean isActionAuthorized(Component component, Action action) {
throw new UnsupportedOperationException("Not supported yet.");
}
public void onUnauthorizedInstantiation(Component component) {
throw new RestartResponseAtInterceptPageException(Login.class);
}
}
On the constructor of the Application Base class (NetCasasApplication) an
interceptor is registered. when i try to access a protected page, the method
onInstantiation is executed. Inside the call
getSecuritySettings().getAuthorizationStrategy() always return a
IAuthorizationStrategy, never a NetCasasAuthorizationStrategy. So the method
NetCasasAuthorizationStrategy.isInstantiationAuthorized is never executed.
So i guess something is missing. Someone knows what?
Thanks for the help.
Os meus melhores cumprimenstos / Best Regards
Marco Santos
--
View this message in context:
http://www.nabble.com/%21%21-Wicket-Authorization-Problem-%21%21-tp22318987p22318987.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
